Author: Tr0j4n
From: http://hi.baidu.com/tr0j4n
[1] Using nc to view the HTTP header returned by the web server
The syntax is nc www.qq.com 80.
[2] Based on the elements in the URL

Extension   Technology used       Server platform
.pl         Perl CGI script       Various platforms, generally Unix
.asp        Active Server Pages   Microsoft IIS
.aspx       ASP+                  Microsoft .NET
.php        PHP script            Various platforms, generally Apache
.cfm        ColdFusion            Generally used with Microsoft servers
.nsf        Lotus Domino
However, web server configuration is flexible, and an administrator can deliberately scramble file types to hide information about the technologies in use. Identifying servers is also something of an art. Take the Java Server Pages (.jsp) used by Java servers: the extension gives no clue about which front-end web server is used or which Java application executes the JSP files. Below are some URL examples to help you profile a site:
(1) www.xxx.com/homepage.nsf?Open
This is a Lotus Domino server. You can use nc to view the information returned in the response header. The .nsf extension also makes this clear.
(2) www.xxx.com/software/buy.jhtml?jsessionid=zqweurbf69ud6dog8
Using nc to view the header, we find that the returned server is Microsoft-IIS/4.0. However, Microsoft-IIS/4.0 does not support .jhtml, which is actually a Java HTML page. Therefore, an application server is working together with Microsoft-IIS/4.0. The jsessionid=ZQWEURBF69UD6DOG8 is a telltale feature of the ATG Dynamo Application Server, which serves Java HTML files and executes Java servlets.
(3) www.xxx.com/cgi-bin/nperformance3/execmacro/webstore/home.d2w/repeat
This is a typical URL used by the IBM Net.Data e-commerce platform. Both the n1_c4 and ExecMacro strings are key strings that reveal the technology type. home.d2w is an application macro written in the IBM Net.Data scripting language, and repeat is one of the many methods provided by the application macro.
(4) www.xxx.com/site/index/0,10017,252.16,00.html
This type of URL is not very common and does not look like a static HTML page. If we browse this site, the specific numbers change while the overall URL structure remains the same. It is a typical URL of Vignette StoryServer, a popular content server often used with Netscape Enterprise and Microsoft-IIS/4.0.
(5) www.xxx.com/report.cgi?Page=3
This one is very obvious. At first glance we can guess that an Apache server is running an application written in Perl, with CGI providing the script support.
(6) www.xxx.com/webapp/wcs/stores/servlet/Display?StoreId=10001&langID=-1&catalogID=10001&catagoryID=10052&cleatance=0&catTree=10053
Nothing can be determined from this URL as it stands, so we submit an incomplete URL, www.xxx.com/webapp/wcs/stores/test, to force an error. The resulting error page shows that this is an IBM WebSphere server!
[3] Viewing cookies
The two methods described above can serve only as a reference; the information they return is not necessarily authentic. An administrator can modify the server type string, or map the Active Server Pages extension .asp to .cgi. In this way, key technologies are hidden so that attackers cannot recognize them and exploit the opportunity. However, the information revealed through cookies is absolutely authentic. I have listed some common cookie formats and their corresponding server types below for reference.

Server         Cookie format
Apache         Apache=220.86.136.115.308631204331944536139
IIS            aspsessionidggqggcvc=KELHFOFDIHOIEBUOYINPEGKM
ATG Dynamo     JSESSIONID=H4TQQOLIENTO2BELINPULCDEFIN3AAYUGOEL304
IBM Net.Data   SESSION_ID=307823,wfbdlintkmladthcaa1+iKneilweJEMYRUU/VIABFOXPLUGME8e+licenslogOlienMIKEYXLTEA
ColdFusion     CFID=587643, CFTOKEN=25631988
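
The three signals above (Server header, URL extension, cookie or session-parameter name) can be checked together to see what a response from your own server gives away. The following Python code is an added example, not part of the original article; the function names are hypothetical, the tables are transcribed from the article, and the sample response is constructed after example (2).

```python
from posixpath import splitext
from urllib.parse import urlsplit, parse_qsl

# Tables transcribed from the article; names are matched case-insensitively.
EXT_HINTS = {
    ".pl": "Perl CGI script", ".asp": "Microsoft IIS", ".aspx": "Microsoft .NET",
    ".php": "PHP script", ".cfm": "ColdFusion", ".nsf": "Lotus Domino",
    ".jhtml": "Java HTML page",
}
# jsessionid is listed as ATG Dynamo by the article; Java servlet
# containers in general use this name.
TOKEN_HINTS = {
    "apache": "Apache", "jsessionid": "ATG Dynamo", "session_id": "IBM Net.Data",
    "cfid": "ColdFusion", "cftoken": "ColdFusion",
}

def token_hint(name):
    """Map a cookie or query-parameter name to the technology it suggests."""
    name = name.strip().lower()
    if name.startswith("aspsessionid"):   # name is followed by a variable suffix
        return "Microsoft IIS"
    return TOKEN_HINTS.get(name)

def parse_head(raw):
    """Return (Server banner or None, Set-Cookie names) from a raw response head."""
    server, cookies = None, []
    for line in raw.splitlines()[1:]:     # skip the status line
        if not line.strip():
            break                         # blank line ends the header block
        field, _, value = line.partition(":")
        if field.strip().lower() == "server":
            server = value.strip()
        elif field.strip().lower() == "set-cookie":
            cookies.append(value.split("=", 1)[0].strip())
    return server, cookies

def disclosed(url, raw):
    """List (signal, hint) pairs that the URL and the response head give away."""
    parts = urlsplit(url if "//" in url else "//" + url)
    server, cookies = parse_head(raw)
    found = [("Server header", server)] if server else []
    ext = splitext(parts.path)[1].lower()
    if ext in EXT_HINTS:
        found.append(("extension " + ext, EXT_HINTS[ext]))
    names = [k for k, _ in parse_qsl(parts.query)] + cookies
    found += [("token " + n, token_hint(n)) for n in names if token_hint(n)]
    return found

# Constructed sample modelled on the article's example (2).
SAMPLE_URL = "www.xxx.com/software/buy.jhtml?jsessionid=zqweurbf69ud6dog8"
SAMPLE_HEAD = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/4.0\r\n"
               "Set-Cookie: JSESSIONID=CONSTRUCTEDVALUE; path=/\r\n\r\n<html>")
```

Calling disclosed(SAMPLE_URL, SAMPLE_HEAD) shows the IIS banner alongside the .jhtml and jsessionid hints, which is the mismatch described in example (2). Cookie and session-parameter names are defaults that an operator can rename, so an empty result means only that these particular signals are absent.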